Data Access Policy

This Data Access Policy governs how participants in the VAULT benchmark platform access, interact with, and may use data within the VAULT system. By participating in VAULT, you agree to this policy in full.

VAULT is operated by ANIML Health. Capitalized terms not defined here have the meanings given in the Governance Charter.

Approved participants are granted access to:

• → The VAULT API, for submitting models and triggering benchmark evaluations
• → Benchmark result metrics for their own runs (composite and sub-scores)
• → Their private benchmark report, accessible via dashboard and API
• → The public leaderboard (all users, including unauthenticated)
• → Grader methodology documentation (summary level)

The following data is permanently restricted and will never be made available to participants under any circumstances:

• — Raw or anonymized benchmark clinical records, in whole or in part
• — Any data that would enable reconstruction of a clinical record
• — Per-case outputs from the benchmark evaluation
• — The internal grader implementation, rubric details, or scoring weights
• — Other participants' private run data or metrics
• — ANIML Health's internal evaluation logs beyond what is provided in reports

VAULT collects only the data necessary to operate the benchmark. Participant data collected includes: name, email, organization details, model endpoint credentials (encrypted), benchmark run parameters, and aggregate results.

Raw model outputs collected during evaluation are stored encrypted for internal grading only. These outputs are automatically purged after grading is complete and are never accessible via API or dashboard.

Benchmark metrics and reports are retained for the life of the participant account. Account data is deleted within 90 days of account termination upon written request.

Participants are responsible for:

• → Keeping their API keys confidential and not sharing them with unauthorized parties
• → Promptly revoking compromised keys via the dashboard or API
• → Ensuring their inference endpoint is secure and does not expose patient data
• → Reporting suspected unauthorized access to benchmark@animl.health immediately

Violations of this policy may result in immediate suspension or permanent revocation of access, removal of published leaderboard entries, legal action where applicable, and public disclosure of the violation at ANIML Health's discretion if it materially affects benchmark integrity.

For questions about this policy or to report a data concern, contact benchmark@animl.health.